Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resurrect deprecated and removed authentication settings. #110835

Merged
merged 1 commit into from
Sep 3, 2021
Merged

Resurrect deprecated and removed authentication settings. #110835

merged 1 commit into from
Sep 3, 2021

Conversation

azasypkin
Copy link
Member

@azasypkin azasypkin commented Sep 1, 2021
edited
Loading

Summary

Resurrect deprecated and removed authentication settings.

Note to reviewers: almost everything is copied from 7.x branch. It turned out integration tests in master and 7.x already have a reasonable mix of tests that use old and new authc config, so I didn't add anything, except for authc.providers -> authProviders switch in OIDC API integration tests (just to have some tests with the oldest config format).

@azasypkin azasypkin added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Authentication Platform Security - Authentication v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.16.0 labels Sep 1, 2021
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@azasypkin azasypkin marked this pull request as ready for review September 1, 2021 18:08
@azasypkin azasypkin requested a review from a team as a code owner September 1, 2021 18:08
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

watson
watson approved these changes Sep 3, 2021
View reviewed changes
Copy link
Contributor

@watson watson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 Just a small question, though I expect it's just me who doesn't understand

x-pack/plugins/security/server/config_deprecations.ts
@@ -13,6 +13,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
unused,
}) => [
rename('sessionTimeout', 'session.idleTimeout'),
rename('authProviders', 'authc.providers'),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not clear to me why you're mapping between authProviders and authc.providers - is this reflected in the documentation?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's in our old docs. The authProviders: string[] was the first authc-related configuration we introduced in 6.2/3, then we migrated to a authc.providers: string[] in anticipation to support a more complex authc.providers: Record<string, MoreComplexStructure> in the future (that's what we have today).

With this rename we just continue to support this ancient authProviders: string[] format.

Copy link
Member Author

@azasypkin azasypkin Sep 3, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our deprecation handling logic will transform this:

xpack.security.authProviders: [basic]

first to this (with rename):

xpack.security.authc.providers: [basic]

and then to this (with custom deprecation transformer):

xpack.security.authc.providers.basic.basic.order: 0

@azasypkin azasypkin merged commit c42391e into elastic:master Sep 3, 2021
@azasypkin azasypkin deleted the issue-xxx-resurrect-deprecated-authc-settings branch September 3, 2021 09:42
@azasypkin azasypkin added the auto-backport Deprecated - use backport:version if exact versions are needed label Sep 3, 2021
@kibanamachine
Copy link
Contributor

💔 Backport failed

Status Branch Result
7.x Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 110835

@azasypkin azasypkin mentioned this pull request Sep 3, 2021
Merged
azasypkin added a commit that referenced this pull request Sep 3, 2021
@azasypkin
Resurrect deprecated and removed authentication settings. (#110835) (#…
1b72b57 
…111107)

# Conflicts:
#	x-pack/plugins/security/server/config.test.ts
@azasypkin azasypkin mentioned this pull request Sep 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@watson watson watson approved these changes

Assignees
No one assigned
Labels
auto-backport Deprecated - use backport:version if exact versions are needed Feature:Security/Authentication Platform Security - Authentication release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.16.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@azasypkin @kibanamachine @elasticmachine @watson